Commit Graph

4340 Commits (c1f9b724cf1388dd207b81def039e5c0f2d353b2)

Author SHA1 Message Date
Pearce Barry ec020e3d07
Land #7611, cisco_ironport_enum falsely claimed connection failed
Fixes #7610
2016-11-24 09:54:09 -06:00
Jin Qian 65b858ac06 Fix issue 7610, cisco_ironport_enum falsely claimed connection failed.
Make sure we return 1 in check_conn method.
2016-11-23 14:59:07 -06:00
Jin Qian b7ae7a47be Fix issue #7608 where the SSL option was not turned on by default
Set the SSL option to be on by default.
2016-11-23 14:45:42 -06:00
Jin Qian 0df3e17e0c Fix the issue in MS2132 where OWA_LOGIN doesn't continue on connection error.
The possibility of temporary connnection disruption means this module should keep trying other user/pass pairs upon error.
2016-11-23 09:56:27 -06:00
wchen-r7 83a3a4e348 Fix #7463, check nil return value when using redis_command
Fix #7463
2016-11-21 15:52:12 -06:00
William Vu 6f8660f345
Land #7586, NameError fix for brute_dirs 2016-11-21 14:46:19 -06:00
William Vu c8320d661f
Land #7590, mixin order fix for buffalo_login 2016-11-21 13:57:27 -06:00
Jin Qian 90d360a592 Fix the issue 7589, both RHOST and RHOSTS options are quired
Thanks to Will who found it's due to the order of mixin.
2016-11-21 11:06:32 -06:00
Jin Qian 18b873be47 Fix the exception issue reported in issue #7585
Fix the exception by initialize a key variable that caused the exception.
2016-11-21 10:00:23 -06:00
wchen-r7 00e4a8881f
Land #7574, Update open_proxy aux module 2016-11-18 11:41:43 -06:00
wchen-r7 d3adfff663 Change syntax 2016-11-18 11:41:04 -06:00
wchen-r7 f894b9a4c5 Fix typo 2016-11-18 11:39:26 -06:00
Brendan f2b9498643
Land #7576, Fix RHOSTS use in auxiliary/scanner/ftp/titanftp_xcrc_traversal 2016-11-17 13:06:29 -06:00
Jin Qian c03f35ef13 Fix the hanging of module auxiliary/scanner/ftp/titanftp_xcrc_traversal.rb
Thanks for Wei who pointed out the error: in store_loop call, it used "rhosts", should have been ip.
2016-11-17 10:08:59 -06:00
Cantoni Matteo c9b9be9328 Update open_proxy aux module 2016-11-17 15:44:03 +01:00
William Vu 5c065459ae print_{good,error} more specifically in open_x11 2016-10-31 11:29:00 -05:00
William Webb 9672759be8
Land #7462, Add support for Unicode domains 2016-10-26 16:47:09 -05:00
Jon Hart 342bfd628a Dont' set default PORTS or PROBE options. Require user configuration. 2016-10-25 15:58:46 -05:00
Jon Hart 2a18ea0e33 Initial commit of generic module for detecting UDP amplification vulnerabilities 2016-10-25 15:58:46 -05:00
Jon Hart 7f65b28483
Deprecate udp_probe in favor of udp_sweep 2016-10-23 13:06:58 -07:00
Brendan b5a41c3011 Convert ANSI data to UTF-8 char by char because MS might
put an invalid character in the WORKGROUP name during SMB
handshake
2016-10-19 17:42:26 -05:00
William Vu 2668a4a1cd
Fix #6993, tnspoison_checker cleanup 2016-10-19 00:53:33 -05:00
William Webb 8e2ff8df80
Land #7433, Add IP Addresses to HTTP PUT/DELETE scanner output 2016-10-14 13:27:17 -05:00
Brent Cook 9fbe1ddd9d
Land #7384, CVE-2016-6415 - Cisco IKE Information Disclosure 2016-10-14 08:41:34 -05:00
nixawk b74539be44 check if isakmp payload is same to IKE Leak data 2016-10-13 04:20:23 -05:00
nixawk 7536d1d94a print leak data 2016-10-12 02:42:50 -05:00
nixawk 70d4833654 Fix report_vuln 2016-10-12 02:16:00 -05:00
Alton J 98d7b19ab9 Passed IP parameter to additional functions. 2016-10-11 15:09:50 -05:00
Alton J acff0fa9cf Added IP addresses to output. 2016-10-11 14:43:42 -05:00
Alton J f0ff4a0721 Added IP addresses to output. 2016-10-11 14:42:06 -05:00
Sonny Gonzalez 3fd806b87f Merge remote-tracking branch 'upstream/pr/6993' into land-6993 2016-10-11 09:33:26 -05:00
Brent Cook e074669406
Land #7296, Added a SCADA module for detecting Profinet devices, e.g. Siemens controllers 2016-10-08 21:34:40 -05:00
Stephen Haywood 2d361fabc6 No need to interpolate when using .to_s 2016-10-03 11:38:36 -04:00
Stephen Haywood 95f9b778bd Use standard status messages instead of verbose. 2016-10-03 11:01:51 -04:00
Stephen Haywood d088005d95 TABLE_NAME option not needed. 2016-10-03 10:58:13 -04:00
Stephen Haywood 5f12c8e026 Incorrect warning message
The filename is not always test so the warning message and the note in the description are incorrect.
2016-10-03 10:57:25 -04:00
Stephen Haywood 25996a16bb Fixed file read block. 2016-10-03 10:47:03 -04:00
Stephen Haywood 708eb0eb4f Fixed syntax error. 2016-10-03 10:17:29 -04:00
Stephen Haywood fac03570d1 Use File.open block. 2016-10-03 10:09:45 -04:00
Stephen Haywood bc57537205 Add warning statement. 2016-10-03 10:07:40 -04:00
Stephen Haywood a627c3cd5e Removed unnecessary return statements. 2016-10-03 10:02:26 -04:00
Stephen Haywood 6fa8f40b31 Use unless instead of if (not ...) 2016-10-03 10:00:56 -04:00
Interference Security 3e01dbfded Fixed Space-Tab mixed indent warning 2016-10-01 15:13:26 +05:30
Interference Security 4227cb76a8 Fixed stack trace bug & verified logic
- Fixed stack trace bug when value of "packet" is nill.
- Verified logic of Oracle TNS Listener poisoning which requires an ACCEPT response to be marked as vulnerable.
2016-10-01 15:01:02 +05:30
Stephen Haywood 63c0b6f569 Login failure message. 2016-09-30 17:09:41 -04:00
Stephen Haywood 7996c4b048 Warning about leaving files on disk. 2016-09-30 14:53:15 -04:00
Stephen Haywood 3e4a23cdf6 Removed unnecessary require statement. 2016-09-30 14:51:43 -04:00
nixawk ac76c3591a reference urls 2016-09-29 22:43:00 -05:00
nixawk 5929d72266 CVE-2016-6415 - cisco_ike_benigncertain.rb 2016-09-29 22:25:57 -05:00
averagesecurityguy f7e588cdeb Initial commit of module. 2016-09-28 14:55:32 -04:00
Brendan b9de73e803
Land #7334, Add aux module to exploit WINDOWS based (java) Colorado
FTP server directory traversal
2016-09-26 14:15:23 -05:00
Tijl Deneut 2fab62b14d Update profinet_siemens.rb
Removed unnecessary rescue, gave "timeout" variable a better name.
2016-09-23 18:05:45 +02:00
Brent Cook a9a1146155 fix more ssh option hashes 2016-09-20 01:30:35 -05:00
David Maloney e315ec4e73
Merge branch 'master' into bug/7321/fix-ssh-modules 2016-09-19 15:27:37 -05:00
David Maloney 06ff7303a6
make pubkey verifier work with old module
make the new pubkey verifier class and
the old identify_pubkeys aux module work
together

7321
2016-09-19 15:20:35 -05:00
h00die 9c922d111f colorado ftp 2016-09-18 20:03:16 -04:00
William Vu 4ba1ed2e00
Fix formatting in fortinet_backdoor
Also add :config and :use_agent options.
2016-09-16 12:32:30 -05:00
David Maloney 26491eed1a
pass the public key in as a file instead of data
when using key_data it seems to assume it is a private
key now. the initial key parsing error can be bypassed
by doing this

7321
2016-09-16 11:48:51 -05:00
David Maloney dfcd5742c1
some more minor fixes
some more minor fixes around broken
ssh modules

7321
2016-09-15 14:25:17 -05:00
David Maloney e10c133eef
fix the exagrid exploit module
split the exagrid exploit module up and
refactor to be able to easily tell if the
key or the password was used

7321
2016-09-15 11:44:19 -05:00
Brent Cook 7352029497 first round of SSL damage fixes 2016-09-13 17:42:31 -05:00
wchen-r7 245237d650
Land #7288, Add LoginScannerfor Octopus Deploy server 2016-09-13 17:26:56 -05:00
Tijl Deneut 8df8f7dda0 Initial commit of profinet_siemens.rb 2016-09-11 09:15:41 +02:00
Brent Cook a81f351cb3
Land #7274, Remove deprecated modules 2016-09-09 12:01:59 -05:00
Brent Cook 1d4b0de560
Land #6616, Added an Outlook EWS NTLM login module. 2016-09-09 11:43:52 -05:00
Brendan a30711ddcd
Land #7279, Use the rubyntlm gem (again) 2016-09-07 16:33:35 -05:00
aushack 7632c74aba Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2016-09-07 14:15:57 +10:00
aushack 6e21684ff7 Fix typo. 2016-09-07 14:08:46 +10:00
james-otten dcf0d74428 Adding module to scan for Octopus Deploy server
This module tries to log into one or more Octopus Deploy servers.

More information about Octopus Deploy:
https://octopus.com
2016-09-06 20:52:49 -05:00
William Vu fed2ed444f Remove deprecated modules
psexec_psh is undeprecated because users have been reporting
idiosyncrasies between it and psexec in the field.
2016-09-03 12:43:01 -05:00
Jon Hart b0e45341e5
Update redis file_upload to optionally FLUSHALL before writing
This increases the chances that the uploaded file will be usable as-is
rather than being surround by the data in redis itself.
2016-08-31 14:27:18 -07:00
Brendan b21ea2ba3f Added code to assign CPORT value to the parent scanner object 2016-08-29 13:17:10 -05:00
Pearce Barry 226ded8d7e
Land #6921, Support basic and form auth at the same time 2016-08-25 16:31:26 -05:00
William Vu cd858a149f Add DETECT_ANY_AUTH to make bogus login optional 2016-08-23 23:05:47 -05:00
David Maloney 20947cd6cd
remove old dependency on net-ssh moneykpatch
the ssh_login_pubkey scanner relied on functionality that
was monkeypatched into our vendored copy. this was an uneeded solution
in the first palce, and we now use a more sane method of accomplishing
the same thing
2016-08-22 10:54:09 -05:00
wchen-r7 5f8ef6682a Fix #7202, Make print_brute print ip:rport if available
Fix #7202
2016-08-16 15:34:30 -05:00
David Maloney eb73a6914d
replace old rex::ui::text::table refs
everywhere we called the class we have now rewritten it
to use the new namespace

MS-1875
2016-08-10 13:30:09 -05:00
Jon Hart 554a0c5ad7
Deprecate nbname_probe, which duplicate nbname as of 77cd6dbc8b 2016-08-02 17:36:22 -07:00
wchen-r7 cce1ae6026 Fix #6989, scanner modules printing RHOST in progress messages
Fix #6989
2016-07-25 23:15:59 -05:00
James Lee ff63e6e05a
Land #7018, unvendor net-ssh 2016-07-19 17:06:35 -05:00
Brent Cook b08d1ad8d8
Revert "Land #6812, remove broken OSVDB references"
This reverts commit 2b016e0216, reversing
changes made to 7b1d9596c7.
2016-07-15 12:00:31 -05:00
David Maloney b6b52952f4
set ssh to non-interactive
have to set the non-interactive flag so that it does not
prompt the user on an incorrect password

MS-1688
2016-07-14 11:12:03 -05:00
David Maloney 01d0d1702b
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup 2016-07-14 09:48:28 -05:00
Brent Cook 2b016e0216
Land #6812, remove broken OSVDB references 2016-07-11 22:59:11 -05:00
Brent Cook 128f802928 use the regex source when generating or displaying a regex 2016-07-11 22:05:50 -05:00
James Lee cfb56211e7
Revert "Revert "Land #7009, egypt's rubyntlm cleanup""
This reverts commit 1164c025a2.
2016-07-07 15:00:41 -05:00
James Lee 1164c025a2 Revert "Land #7009, egypt's rubyntlm cleanup"
This reverts commit d90f0779f8, reversing
changes made to e3e360cc83.
2016-07-05 15:22:44 -05:00
David Maloney 5f9f3259f8
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup 2016-07-05 10:48:38 -05:00
Pearce Barry 159446ce92 Ensure http_login scanner module saves passwds.
Fixes #6983.  When the auxiliary/scanner/http/http_login module discovers a successful basic auth user+password combination, make sure we properly store the password by specifically telling the credentials gem that the private data we're storing is a :password.
2016-06-30 16:58:39 -05:00
David Maloney 3d93c55174
move sshfactory into a mixin method
use a convience method to DRY up creation
of the SSHFactory inside modules. This will make it easier
to apply changes as needed in future. Also changed msframework attr
to just framework as per our normal convention

MS-1688
2016-06-28 15:23:12 -05:00
David Maloney ee2d1d4fdc
Merge branch 'master' into feature/MS-1688/net-ssh-cleanup 2016-06-28 15:00:35 -05:00
David Maloney 97f9ca4028
Merge branch 'master' into egypt/ruby-ntlm 2016-06-28 14:14:56 -05:00
David Maloney 6c3871bd0c
update ssh modules to use new SSHFactory
updated all of our SSh based module to use the
new SSHFactory class to plug Rex::Sockets into
Net::SSH

MS-1688
2016-06-24 13:55:28 -05:00
David Maloney 5bc513d6cd
get ssh sessions working properly
ssh sessions now working correctly

MD-1688
2016-06-24 12:14:48 -05:00
David Maloney 3e94abe555
put net:ssh::commandstream back
this was apparently our own creation for doing
ssh sessions

MD-1688
2016-06-22 15:02:36 -05:00
James Lee 07f7e5e148
Convert non-loginscanner MSSQL to rubyntlm 2016-06-22 10:15:22 -05:00
Interference Security 0fa1fc50f8 Fixed false positive bug
Checking for "(ERROR_STACK=(ERROR=" is not enough to mark a target as vulnerable. TNS response packet bytes for "Accept" and "Refuse" are required to be sure.
Reference: https://thesprawl.org/research/oracle-tns-protocol/
2016-06-19 17:33:05 +05:30
Brendan Watters c02a05f913 Removed code that was already commented out 2016-06-17 15:47:15 -05:00
Brendan Watters 1225a93179 Moved ClamAV scanner to scanning module
s
2016-06-17 15:40:33 -05:00
Brent Cook b0bf901b22
Land #6950, avoid printing rhost:rport twice when using Msf::Exploit::Remote::SMB::Client 2016-06-09 16:35:09 -05:00